CVE-2015-1269 - 7PK - Security Features vulnerability in Google Chrome

047910
CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.

Vulnerable Configurations

Part         Description  Count
Application  Google       3739

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Windows
    NASL id: GOOGLE_CHROME_43_0_2357_130.NASL
    description: The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities : - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-1266) - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw that is triggered when handling the creation context passed through public APIs. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1267) - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw in its V8 bindings. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1268) - A normalization bypass vulnerability exists in the HSTS/HPKP preload list. A remote attacker can exploit this to bypass HSTS/HPKP preloads and have a connection use HTTP instead of the expected HTTPS. (CVE-2015-1269) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84342
    published: 2015-06-23
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84342
    title: Google Chrome < 43.0.2357.130 Multiple Vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-1188.NASL
    description: Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Chromium is an open source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1266, CVE-2015-1267, CVE-2015-1268, CVE-2015-1269) All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.130, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
    last seen: 2020-05-31
    modified: 2015-06-26
    plugin id: 84420
    published: 2015-06-26
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84420
    title: RHEL 6 : chromium-browser (RHSA-2015:1188)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201507-18.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201507-18 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86087
    published: 2015-09-23
    reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86087
    title: GLSA-201507-18 : Chromium: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-449.NASL
    description: chromium was updated to 43.0.2357.130 to fix several security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-1266: Scheme validation error in WebUI - CVE-2015-1268: Cross-origin bypass in Blink - CVE-2015-1267: Cross-origin bypass in Blink - CVE-2015-1269: Normalization error in HSTS/HPKP preload list - boo#935022: Prevent Chromium from downloading a binary blob for speech recognition Contains the following non-security changes : - resolved browser font magnification/scaling issue. - Fixed an issue where sometimes a blank page would print - Icons not displaying properly on Linux
    last seen: 2020-06-05
    modified: 2015-06-26
    plugin id: 84415
    published: 2015-06-26
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/84415
    title: openSUSE Security Update : chromium (openSUSE-2015-449)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_GOOGLE_CHROME_43_0_2357_130.NASL
    description: The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities : - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-1266) - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw that is triggered when handling the creation context passed through public APIs. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1267) - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw in its V8 bindings. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1268) - A normalization bypass vulnerability exists in the HSTS/HPKP preload list. A remote attacker can exploit this to bypass HSTS/HPKP preloads and have a connection use HTTP instead of the expected HTTPS. (CVE-2015-1269) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84343
    published: 2015-06-23
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84343
    title: Google Chrome < 43.0.2357.130 Multiple Vulnerabilities (Mac OS X)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3315.NASL
    description: Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. - CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. - CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the Same Origin Policy. - CVE-2015-1269 Mike Rudy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed. - CVE-2015-1270 Atte Kettunen discovered an uninitialized memory read in the ICU library. - CVE-2015-1271 cloudfuzzer discovered a buffer overflow in the pdfium library. - CVE-2015-1272 Chamal de Silva discovered race conditions in the GPU process implementation. - CVE-2015-1273 makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium. - CVE-2015-1274 andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download. - CVE-2015-1276 Colin Payne discovered a use-after-free issue in the IndexedDB implementation. - CVE-2015-1277 SkyLined discovered a use-after-free issue in chromium
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84992
    published: 2015-07-27
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84992
    title: Debian DSA-3315-1 : chromium-browser - security update
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_D46ED7B8191211E59FDF00262D5ED8EE.NASL
    description: Google Chrome Releases reports : 4 security fixes in this release : - [464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous. - [494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - [497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous. - [461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84327
    published: 2015-06-23
    reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84327
    title: FreeBSD : www/chromium -- multiple vulnerabilities (d46ed7b8-1912-11e5-9fdf-00262d5ed8ee)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2652-1.NASL
    description: It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-1266) It was discovered that Blink did not properly restrict the creation context during creation of a DOM wrapper. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1267, CVE-2015-1268) It was discovered that Chromium did not properly canonicalize DNS hostnames before comparing to HSTS or HPKP preload entries. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2015-1269). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84487
    published: 2015-07-01
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84487
    title: Ubuntu 14.04 LTS / 14.10 / 15.04 : oxide-qt vulnerabilities (USN-2652-1)

Redhat

advisories
rhsa
id: RHSA-2015:1188
rpms
  • chromium-browser-0:43.0.2357.130-1.el6_6
  • chromium-browser-debuginfo-0:43.0.2357.130-1.el6_6